shared/capabilities: simplify assertions about bits

The assert added in 7d328b5446 was wrong. Also update the comments and make sure we don't try to shift by type size.
2015-02-04 10:24:02 -05:00 · 2015-02-04 10:24:02 -05:00 · 2c9fc26670
parent 6295ba8c3d
commit 2c9fc26670
1 changed files with 4 additions and 4 deletions
--- a/src/shared/capability.c
+++ b/src/shared/capability.c
@ -275,10 +275,10 @@ int drop_privileges(uid_t uid, gid_t gid, uint64_t keep_capabilities) {
                        if (keep_capabilities & (1ULL << i))
                                bits[j++] = i;

-                /* don't keep too many bits */
-                assert((keep_capabilities & (~1ULL << i)) == 0);
-                /* don't throw away too many bits */
-                assert(((keep_capabilities >> i) & (~1ULL >> i)) == 0);
+                /* use enough bits */
+                assert(i == 64 || (keep_capabilities >> i) == 0);
+                /* don't use too many bits */
+                assert(keep_capabilities & (1ULL << (i - 1)));

                if (cap_set_flag(d, CAP_EFFECTIVE, j, bits, CAP_SET) < 0 ||
                    cap_set_flag(d, CAP_PERMITTED, j, bits, CAP_SET) < 0) {